Alexander Schranz
Core Developer – Sulu GmbH
Core developer and support king. So dedicated to his work that we couldn't find a hobby to mention.

Sulu 2.3.11 & 2.4.2 and SuluFormBundle 2.4.0 Release

What is the correct spelling of our beloved CMS - "SULU" or "Sulu"? This question recently came up in our community after one of the community members found both variants in our source code. The answer to the question is "Sulu" and we are happy that the browser tab title was adjusted to be consistent in one of the pull requests included in our new releases. 

Beside of the release of Sulu 2.3.11 and 2.4.2, we also tagged a new minor release for the SuluFormBundle.


Sulu 2.3.11 and 2.4.2 are focused on bugfixes. The releases fixes an infinite loading bug in the contact account selection and improves the handling of internal links when the target page is not published yet. For the full changelog have a look at the release notes on GitHub.

Sulu Form Bundle 2.4

The new 2.4.0 release of the SuluFormBundle includes new useful features:

  • The bundle now integrates with the activity log of Sulu. The activity log feature was introduced with Sulu 2.3 and you can read more about it on our 2.3 release blog
  • One of our partners was interested in a "Copy Form" feature, so the bundle now makes it easier to create multiple forms by copying existing forms and adjusting them. 

For the full release notes have a look at github release tag of the new version. Please also look at the UPGRADE guide which contains all important steps and known issues for upgrading the bundle.

Known Issues

In our last release blog we talked about two known compatibility issues. We are happy to inform you that the issue with doctrine not using utf8mb4 was fixed in the DoctrineBundle 2.5.7. Furthermore, the second issue with symfony/flex manipulating our config/bundles.php was fixed in a recently merged pull request and the next version of symfony/flex will not cause problems anymore.

Unfortunately, a new issue with CSRF tokens and Symfony 5.4 appeared and causes problems with the SuluFormBundle. In previous versions the SuluFormBundle automatically enabled CSRF token protection. To allow for caching the page with the form the CSRF token was loaded over an ESI subrequest. As sessions cannot be started in a ESI request anymore, this is not longer possible. The same limitation was already the case when using a caching solution like Varnish. 

To enable CSRF token protection while still caching pages with forms, it is required to load the CSRF token via ajax. As this requires project specific code, the new version of the SuluFormBundle disables CSRF protection by default. Have a look at the UPGRADE guide of SuluFormBundle 2.4.0 to find out how to do this.

What is coming next?

We are currently evaluating Symfony 6 support for our next minor release. We opened 2 issues on GitHub to reach out to the community about dropping support for older PHP and Symfony versions:

We are interested here in any feedback from our community about how these changes would affect their existing projects and internal libraries.

As always, we are happy to hear your feedback about newly released features and bug fixes. Feel free to create an issue or a discussion on GitHub for bugs and feature requests. You can also contact us via Slack or our Website anytime.